Mobile

Why iOS 8’s MAC address randomizing is a huge win for privacy

Image Credit: Apple
NOTE: GrowthBeat -- VentureBeat's provocative new marketing-tech event -- is a week away! We've gathered the best and brightest to explore the data, apps, and science of successful marketing. Get the full scoop here, and grab your tickets while they last.

At this year’s Worldwide Developer Conference, Apple announced that it’s changing how a device’s MAC address is communicated to WiFi access points in iOS 8.

This modification puts a damper in companies’ ability to track brick-and-mortar shoppers who use iPhone’s and iPad’s, forcing developers to crank up their innovation and figure out another way to capitalize on location data. Despite some concerns from others, Apple’s decision is the right thing to do in order to protect consumers and reduce potential privacy risks.

What is a MAC Address?

A MAC address is a hardware-based identification number, provided by any device that connects to a network. Hardware-based identifiers are read-only, meaning they can’t be changed. They’re written to the physical network chip in each device. When a device connects to a Wi-Fi network it’s identified by its MAC address for the duration of its connection. This allows the right traffic to be sent to and from your phone, PC, or TV regardless of how many devices are connected.


We’ll be exploring the importance of mobile privacy at MobileBeat 2014 in San Francisco on July 8-9.

Grab your tickets now!


Your device is constantly looking for a known Wi-Fi network to join, which is why when you pull out your phone at home or at work it’s already connected and ready to go. But as your phone searches for Wi-Fi, it’s broadcasting its MAC address to any Wi-Fi access points that are within range. It’s part of the handshake devices engage in to recognize each other.

Recently, a few companies have developed Wi-Fi hubs that remember the MAC addresses they see. They log your device as it scans for a hub, whether or not you join the Wi-Fi access point. These companies have installed these logging hubs in many places, allowing them to compare visitors as they move from place to place, without their knowledge.

Even if people were informed that their devices were being monitored, the only way to prevent this type of tracking is to turn off Wi-Fi completely, which is an extreme step.

Finally, there’s a difficulty with hardware-based identifiers. The mobile advertising industry, including big players like Google and Apple, has worked hard to move away from hardware-based identifiers. Software-based identifiers, like Apple’s IDFA, can be reset by users or blocked entirely. Hardware identifiers won’t change for the life of the device so if there’s a data leak and a malicious source obtains a hardware-based device identifier, the only way to ensure you will not be affected is to buy a new device.

Apple’s Privacy Challenge

So Apple faced a challenge: their users’ devices were being logged without their knowledge and without their consent. Apple’s adherence to standard network practices — broadcasting MAC addresses to WiFi hubs — created an environment where this situation could occur, leading Apple to make a change.

Starting in iOS 8, iPhones, iPads, and iPod Touches will broadcast random MAC addresses. In Apple’s words, “The MAC address for Wi-Fi scans may not always be the device’s (universal) address.” Companies that log MAC addresses won’t be able to connect individual visits to a single device. They’ll know someone is there, but not where else they’ve gone.

Some have suggested that this move is to get more people using Apple’s own iBeacon API. While this may be true, iBeacons are much more user friendly. To see a company’s iBeacons, users must install an associated application and grant it the appropriate location permissions. Applications that use iBeacons are opt-in and users are always able to opt-out by managing their location permissions.

The Right Move

iOS has a history of protecting user privacy and providing access controls. In fact, this isn’t their first big MAC address change. Last year they blocked applications from accessing the MAC address. Their only location privacy update this year called for more explicit background location access controls.

Overall, Apple’s decision to randomize MAC addresses is a win for users and the location data ecosystem. They provide a managed space where developers can innovate without overstepping user expectations.

As a growing number of applications use location in more diverse ways, they can now do so in an environment where users still retain control.

 Drew Breunig is PlaceIQ’s vice president of strategy.

More about the companies and people from this article:

Apple designs and markets consumer electronics, computer software, and personal computers. The company's best-known hardware products include the Macintosh line of computers, the iPod, the iPhone and the iPad. Apple software includes t... read more »

Powered by VBProfiles

5 comments
Kevin Smith
Kevin Smith

Does anyone know how this is going to work for Enterprises? Many of them work by MAC Address reservations or NAC access rules to allow certain devices to have access to certain resources.  Randomizing the MAC Addresses will break this for most companies.

James Fox
James Fox

step in the right direction rather than huge win, though mainly an exercise in obfuscating general all pervasive data collection from competitors. What's positive about the move is that it promotes elective and "pull" actions, as opposed to "push". It's also not that onerous to switch off wifi until you're in need of it ...

Jack S Wolfie
Jack S Wolfie

and y'all are fools for thinking this changes anything. Just have to use slightly more expensive hardware that can gather your phones cellular ID instead.

Bernardo d'Orey
Bernardo d'Orey

YEA right. a good thing is when the user decides what s(he) wants to use. In this case Apple is doing it to keep all advertising money to itself. They are not known for their "generosity" in privacy.... Remember tracking saga?